ZDNetAsia : Printer Friendly - Microsoft tools address SQL injection attacks

To print: Select File and then Print from your browser's menu

--------------------------------------------------------------
This story was printed from ZDNet Asia.
--------------------------------------------------------------

Microsoft tools address SQL injection attacks

By Robert Vamosi
Thursday, June 26 2008 10:36 AM
URL: http://www.zdnetasia.com/news/security/0,39044215,62043116,00.htm

Microsoft on Tuesday issued new tools to assist Microsoft ASP and ASP.NET technologies against recent Web-based attacks.

In April, attackers went after Microsoft SQL sites by injecting malicious JavaScript onto legitimate sites. The JavaScript would direct a browser to a server hosting malicious software infecting the desktop with a variety of exploits.

At the time Microsoft insisted it was not the result of a vulnerability, but lack of best practices on the sites themselves.

The tools released Tuesday are designed to help Web developers mitigate against such attacks.

"These free tools offer detection and defense, as well as identify possible code which may be exploited by an attacker," said Bill Sisk, security response communications manager for Microsoft.

The three tools include HP Scrawlr , UrlScan version 3.0 Beta , and a SQL Source Code Analysis Tool. Microsoft further recommends following the best practices found within advisory 954462.

This article was first published as a blog on CNET News.com.